How SUDO on Linux was HACKED! // CVE-2021-3156
9,529The most comprehensive video covering the sudo vulnerability CVE-2021-3156 Baron Samedit. I spent two weeks on rediscovering, analysing and exploitation of the sudoedit heap overflow. We will talk about fuzzing, code review, exploit strategies, heap feng shui and developing the exploit.
https://liveoverflow.com/support
Article: https://liveoverflow.com/critical-sudo-vulnerability-walkthrough-cve-2021-3156/
Binary Exploitation Playlist: https://www.youtube.com/playlist?list=PLhixgUqwRTjxglIswKp9mpkfPNfHkzyeN
PwnFunction's Binary Exploitation Playlist: https://www.youtube.com/playlist?list=PLI_rLWXMqpSkAYfar0HRA7lykydwmRY_2
Full CVE-2021-3156 Advisory: https://packetstormsecurity.com/files/161160/Sudo-Heap-Based-Buffer-Overflow.html
Qualys Blog: https://blog.qualys.com/vulnerabilities-research/2021/01/26/cve-2021-3156-heap-based-buffer-overflow-in-sudo-baron-samedit
milek7's blog on fuzzing sudo: https://milek7.pl/howlongsudofuzz/
00:00 - Intro and Motivation
01:33 - afl: Fuzzing argv[]
03:22 - afl: sudo vs. sudoedit
04:27 - afl: Fuzzing setuid Process
06:49 - Fuzzing Conclusion
07:11 - Code Review: Identify Risky Code Through Isolation
09:39 - Code Review: Bypass Safe Conditions
11:15 - Exploit Strategy: Modern Mitigations
12:25 - The service_user Object Overwrite Technique
13:48 - Heap Feng Shui via Environment Variables
14:57 - Bruteforce Script to Find Exploitable Conditions
15:39 - Find and Analyse Useful Crashes
16:31 - Exploitability Analysis Conclusion
17:13 - Qualys Researchers Knew nss From Stack Clash
17:47 - Sudoedit Exploitable on macOs?
18:32 - Research Conclusion
19:27 - Outro
-=[ β€οΈ Support ]=-
β per Video: https://www.patreon.com/join/liveoverflow
β per Month: https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join
-=[ π Social ]=-
β Twitter: https://twitter.com/LiveOverflow/
β Website: https://liveoverflow.com/
β Subreddit: https://www.reddit.com/r/LiveOverflow/
β Facebook: https://www.facebook.com/LiveOverflow/